How to Protect Confidential Information in Your Business
Nationwide, there has been a significant increase in the number of cyber attacks focused on small and medium size businesses. These attacks can result in the fraudulent transfer of funds by exploiting your valid online banking credentials.
We thought it was important to offer some best practice recommendations on protecting yourself and your business from cyber criminals. Computer and information security is an on-going activity that requires your constant vigilance. We’ve also included an overview of the new Massachusetts Consumer Privacy Law.
Best Practice Recommendations
Never respond to emails requesting you provide your username, passwords, PIN codes or other similar information.
- Create strong passwords that use 8-10 characters consisting of a combination of upper and lower case letters, numbers and special characters
- Never share user names and passwords
- Do not use the same passwords or login credentials for every web site visited
- Change passwords a few times each year
- Protect your business network’s Internet connection with dedicated firewalls
- Install and maintain up-to-date anti-virus software
- Insure all computers are updated with the operating system and application software security patches
- Verify the use of a secure browser session (identified by https not http) for all online banking
- Never access banking or other financial services from public computers
- Frequently review your account activity and immediately notify the Bank of any suspicious activity
In the event that you become a victim of fraud, you should:
- Contact us and request:
- Online access to the compromised account(s) be disabled
- Change your online banking password
- Close out the affected account and open a new one
- Review all recent account activity and report any suspicious transactions
- If fraud is confirmed file a police report with the local police department
Mass 201 CMR 17- Standards for the Protection of Personal Information of Residents of the Commonwealth
Effective on March 1, 2010, the Commonwealth of Massachusetts will implement new regulatory requirements to protect personal information from the rising incidence of fraud and identity theft through the enactment of 201 CMR 17.00.
This law defines a minimum standard to be met for the protection of Massachusetts residents' Personal Information (PI) in either paper or electronic records. PI is defined as a resident's first name and last name or first initial and last name in combination with any one or more of the following data elements:
- Social Security number;
- driver's license number or Massachusetts identification card number;
- financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password that would permit access to a resident's financial account.
As a business if you store any Personal Information either electronically or on paper, you must comply with this new regulation.
To learn more about this new requirement we’ve provided both a compliance check list and answers to frequently asked questions:
Frequently Asked Question and Compliance Checklist
Should you have any questions or require additional information please contact your Relationship Manager, or our Information Center at 1-877-463-6287.
